17

Please examine the following code:

if (foo->bar == NULL);
   foo->bar = strdup("Unknown");

I spent the last part of three hours hunting down that leak with Valgrind, feeling very silly when I discovered the bogus ';'.

I know that the above code is valid C, however I would love for GCC to be able to tell me if I'm using a conditional as a statement.

Is there a flag that I could pass which would help spot this type of mistake in the future? It seems to me that GCC would be able to know if a conditional is useless.

That is,

if (1 == 1);
  code_that_is_always_reached_since_conditional_is_a_statement();

None of the lints take issue with this either. Valgrind is great to find these kinds of things .. but the leak was actually much later in the code than where the pointer was originally allocated.

To summarize, here are your options:

  • -Wextra picks up on all kinds of things that -Wall does not, including empty or useless statements.
  • -Wempty-body picks up on useless statements, which is enabled by -Wextra (but it can break older versions of GCC, but it works on 4.3.x)

Some people might find -Wextra annoying. You may have a comparison between types of different signedness, but you know the comparison happens only when they are the same.

That is,

int ret;
unsigned int i;

ret = foo(bar); /* foo() is known to return a signed errno on failure */
if (ret < 0)
  return 1;

/* Enter GCC complaining that ret differs in signedness
 * (but you know it doesn't and get the urge to cast it) */
for (i = 0; i < ret; i ++)
   ...
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Tim Post
  • 33,371
  • 15
  • 110
  • 174
  • 1
    This was mentioned in [episode 512](https://www.se-radio.net/2022/05/episode-512-tim-post-on-rubber-duck-debugging/) of podcast *Software Engineering Radio* (2022-05). Title: *"Tim Post on Rubber Duck Debugging"*. – Peter Mortensen Jun 26 '22 at 10:56

5 Answers5

32

Code

/* foo.c */
int main() {
   if (1) ; 
   return 0;
}

Compilation

gcc -Wextra -c foo.c

foo.c: In function ‘main’:
foo.c:2: warning: empty body in an if-statement
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Employed Russian
  • 199,314
  • 34
  • 295
  • 362
  • 2
    I love it that -Wall doesn't mean -Wall. It was worth losing 2 rep to learn about -Wextra. – Norman Ramsey May 12 '09 at 04:47
  • It's for backwards-compatibility. The documentation is very clear (even repeating itself) on this point. Wall says it activates, "All of the above -W options combined.", "This enables all the warnings about constructions that some users consider questionable, and that are easy to avoid" and "The following -W... options are not implied by -Wall.", etc. Further, many warnings reiterate whether Wall activates it. – Matthew Flaschen May 12 '09 at 04:52
  • 4
    @Matthew - The documentation is also almost impossible to navigate because it's so massive. Perhaps they should repeat themselves a little less... – Chris Lutz May 12 '09 at 04:55
  • Thanks for this! I also picked up on half a dozen comparisons between types of different signedness, one of which was dangerous. I also had a 'false;' instead of 'return false;' , which -Wall did not pick up. – Tim Post May 12 '09 at 05:00
  • It's mostly massive because there are so many options. They could break it up into sections (different man page for each section), but for those of us with decent pagers that actually becomes /more/ work. For instance, zsh does this, and I find it annoying. – Matthew Flaschen May 12 '09 at 05:02
  • there are also some useful error flags not included in -Wall and -Wextra ; see http://stackoverflow.com/questions/432835/how-do-you-ensure-that-you-as-programmer-have-written-quality-c-code/432852#432852 for what I use to compile C code with gcc – Christoph May 12 '09 at 07:55
  • @Chris Lutz: Agreed, almost every really useful switch in gcc is an easter egg, though it remains one of the best documented compilers ever written. – Tim Post Nov 11 '09 at 15:45
10

After digging deep into the GCC manual:

-Wempty-body
Warn if an empty body occurs in an if', else' or `do while' statement. This warning is also enabled by -Wextra.

As some other posters wrote, -Wextra should do it.

Sample code

int main(){

        if (0);
                printf("launch missiles");
        return 0;
}

Compilation

gcc -Wempty-body foo.c

Output

warn.c: In function ‘main’:
warn.c:5: warning: suggest braces around empty body in an ‘if’ statement
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Tom
  • 43,810
  • 29
  • 138
  • 169
  • +1, its nice to be able to squelch other stuff that -Wextra picks up on, such as comparisons between two things of different signedness (when you know damn well the value of both is unsigned), i.e. the check is not reached if one of the values is signed. – Tim Post May 12 '09 at 05:03
  • The only problem is, this breaks earlier versions of gcc (4.2.x or earlier). – Tim Post May 17 '09 at 14:06
6

Try -Wextra

JimG
  • 1,782
  • 8
  • 9
6

As an alternative to the compiler, I find that running an autoindenter over the code helps find these situations.

In Vim for example:

gg=G
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Bill Lynch
  • 80,138
  • 16
  • 128
  • 173
2

In addition to the previous answers, if you find yourself getting frustrated hunting for a bug using Valgrind or a similar execution profiler, you should perhaps consider using a static analysis tool, such as lint. Personally, I use PC-LINT, which catches all sorts of these types of bugs.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
SmacL
  • 22,555
  • 12
  • 95
  • 149
  • the OP said that lint didn't pick up this problem... do you believe it can? – hhafez May 12 '09 at 06:04
  • Just checked, PC-Lint catches it, albeit as a missing 'else'. I use VC++ which always catches it, hence I have never actually encountered it first hand. The point I'm making is that where dynamic analysis (valgrind, boundschecker, etc..) is drawing a blank, static analysis may show results. The reverse is equally true of course. I find it worthwhile to lint all my code for easily made snafus. – SmacL May 12 '09 at 07:26
  • PC-Lint combined with the MISRA-C rules file would certainly pick this up as it would complain about the lack of braces after the 'if' statement. – DrAl May 12 '09 at 07:38
  • A lack of braces after an if statement can be valid C89/99 , which is what I use. The lintian I use is called splint, it does a pretty good job of picking up things that the compiler did not. For instance, I use the -Wno-unused flag, since I know I have some static functions that have not been wired together yet, but this also squelches warning for unused variables. So, splint picks that up, and more. smaci is correct in that there has to be a good combination of lints and compiler flags, especially when you set your compiler to treat warnings as errors. I'm still brewing that magic recipe :) – Tim Post May 13 '09 at 02:10